BOSTON — Concerned that lax protocols have put people seeking health insurance in Massachusetts at risk of identity theft, a congressional committee is demanding answers from Gov. Deval Patrick about the state’s broken Health Connector website and its security protections.

Health Connector Executive Director Jean Yang will testify about problems with the state’s exchange before the U.S. House Committee on Oversight and Government Reform on Thursday, according to committee staff. Committee Chairman Darrell Issa, R-Calif., last week expressed concerns about security risks with the state website in a letter to Patrick that questions why so many state websites with moderate and high risk levels were allowed to connect to a federal data hub.

“Massachusetts failed to give employees the required security awareness training, including training on handling federal tax information, and did not require background or credit checks of employees before allowing them to have access to the IT system used to operate the exchange,” Issa wrote, citing a Sept. 18, 2013, security assessment. “Furthermore, the report noted that the exchange did not plan regular vulnerability scanning or penetration testing ‘upon go-live date.’ It is unclear when, if at all, the numerous deficiencies in the security of Massachusetts’ exchange were corrected.”

Patrick told reporters Monday afternoon that he had not yet read the letter from Issa but was aware of it, suggesting the congressman may have alerted the media to the letter before it was actually delivered to the governor’s office.

“I don’t think we have a reason to be concerned,” Patrick said.

Asked whether any issues have arisen with security, Patrick said, “There haven’t been that I know of.”

Apart from the Sept. 18 assessment, the chief information security officer at the Centers for Medicare and Medicaid Services gave Massachusetts and nine other states a “moderate” risk assessment and deemed 35 states “high risk," recommending only four states be allowed to connect to the data hub, according to Issa’s March 25 letter.

Federal officials had flagged security concerns ahead of the Oct. 1, 2013, launch, according to emails obtained by the committee and referenced in the letter. Ryan Brewer, the former chief of information security and current advisor to CMS, wrote that allowing states to connect to the hub without an appropriate review “introduces an unknown amount of risk” to the hub and the federally facilitated marketplace.

“This in turn puts the [personally identifiable information] of potentially millions of users at risk of identity theft and fraud to the CMS marketplace health care subsidy program,” Brewer wrote.

Brewer’s successor as chief information security officer at CMS, Teresa Fryer, indicated a predilection for permitting states to connect to the federal hub.

“[N]ormally I just review and sign what Ryan [Brewer] gives me anyway because the front office is signing them whether or not they are a high risk,” Fryer wrote in an email quoted by Issa.

Issa requested Massachusetts officials provide all communications between state and federal employees referring to the federal data hub, dating back to May 1, 2013, and any audits of the Connector’s development, readiness or security dating back to July 1, 2012.

As tens of thousands were unable to use the state’s Connector site to sign up for health insurance, Massachusetts policymakers have focused on providing coverage, including putting about 125,000 people into temporary Medicaid while they attempt to determine eligibility.

A concern about protecting the information of people who signed up for health insurance online has been raised by some, but has not been a focal point for policymakers.

“We should be able to report out on that perhaps even as early as Thursday,” Health and Human Services Secretary John Polanowicz told Rep. Viriato deMacedo at a Feb. 10 budget hearing where the Plymouth Republican questioned the security of data on the state’s site.

Asked about a report on the topic from Polanowicz, an HHS spokesman did not offer any new information, referencing a statement to the News Service earlier Monday from Connector spokesman Jason Lefferts. Asked about the concerns raised by Issa, Lefferts had written, “In order for states to connect to the federal data services hub, the federal government set high data security standards and the Massachusetts Health Insurance Exchange was one of 33 states that met those standards before Oct. 1. The commonwealth’s strong protections are safeguarding personal information every day and their effectiveness is backed up by the fact that we haven’t had a data breach.”

The Connector was late to highlight myriad problems with the Connector website, which was overhauled to comply with the federal Affordable Care Act.

The letter from Issa — who has also led investigations into a deadly attack on U.S. diplomats in Benghazi, Libya, and a contentious federal law enforcement gun-trafficking investigation dubbed “Fast and Furious” — noted that Massachusetts received more than $180 million in federal grants to set up its exchange, which has enrolled fewer than 13,000 people as of March 1, Issa’s letter said, calculating that every person enrolled through the exchange cost federal taxpayers $14,000.

“While the functional problems with the exchange are well known, little is publicly known about the major security vulnerabilities that were present with the exchange on Oct. 1, 2013, and which potentially remain today,” Issa wrote.

Pundits have pointed to the troubled rollout of President Barack Obama’s signature policy, modeled in part on the 2006 Massachusetts health reform, as a key for Republicans seeking to take back the U.S. Senate and to solidify their control of the U.S. House.

There are state-level policy considerations as well. Republican gubernatorial candidate Charlie Baker has said he would seek a waiver from the national law.

“On the hearing on Thursday, we have been invited to Thursday’s hearing and are still working on the details,” Lefferts wrote to the News Service. “We look forward to meeting with the subcommittees and talk about how implementing the Affordable Care Act has led to new, subsidized coverage for tens of thousands of people in Massachusetts.”

The Committee on Health Care Financing, which has been without a House chairman since Jan. 21, held a hearing in February in which lawmakers questioned Yang and Patrick’s special assistant, Sarah Iselin, criticizing the failed rollout and the administration’s response to it.

“I’m not leaving this hearing feeling any more comforted than when I came in,” said Rep. Majorie Decker, D-Cambridge, after the Feb. 12 hearing.

In addition to Yang, health insurance exchange officials from California, Hawaii, Maryland, Minnesota and Oregon will testify at the hearing in Washington, D.C., House Oversight spokeswoman Caitlin Carroll told the News Service.

“Here is to hoping we learn more details about what exactly happened in Massachusetts, as our state officials don’t seem keen on speaking on the topic locally, and our elected officials on Beacon Hill have not provided a regular outlet to facilitate those conversations,” wrote Pioneer Institute Director of Health Care Policy Josh Archambault, noting the directors of other troubled exchanges around the country have been fired or resigned.

In an early February report, MITRE, a consultant hired to examine the Connector site’s problems, reported that it appeared the state’s health insurance exchange and eligibility system had a “deficiency” in connection with its integration efforts as teams constructed functions and capabilities “in silos.” The security architecture, MITRE reported, was designed to work in concert with the portal, “serving protected content such as account creation, security attribution and login.”

“These two enterprise services were not designed and appropriately integrated or tested, resulting in account creation without appropriate security attributes,” MITRE reported.